Breaking IE's security restriction to obtain the persistent (local) cookie inside an iframe subframe
Added: 09/25/2008   Published: 09/25/2008
(Page 1 of 2)
 
Author: aullik5

Today I mainly want to cover the following:
1. The iframe restrictions
2. The idea behind breaking through the iframe restriction to obtain the persistent (local) cookie
3. Breaking IE's iframe security restriction using the Cross Iframe Trick

My testing environment is IE 7 (7.0.5730.13).

Everything below was tested by me in IE7 and is a real, working result.

Iframe restrictions:
Because the iframe is a rather special element, browsers generally place some restrictions on it.

First, the parent window cannot run the child window's JS and can only read some of its objects; the child window cannot use the parent window's JS either and can likewise only read some of its objects, with the document object in particular being restricted.

The relationship is as follows:

- an iframe should not be able to view the content or cookies of another domain
- iframe children CAN view certain properties and execute certain behaviours:
  - parent.window.blur
  - parent.window.opener
  - parent.window.length
  - others
- iframe children CAN redirect the parent frame to a new location (great for phishing):
  - parent.location.href
  - parent.window.location
- having the child window execute the parent window's JS methods, on the other hand, is restricted
For instance, the child window can do this:
parent.location.href = "http://www.sohu.com";

That line navigates the parent window to the sohu site.

But if it tries to execute JS, or to read the document object, access is denied:
parent.location.href = new String("javascript:alert(document.cookie)");
parent.location.href = new String("javascript:alert(1)");

Both of these are rejected (wrapping the URL in a String object does not help).
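As an added example, not code from the original article, here is a probe that a child-frame page can run against `parent` to record which of the accesses listed above succeed and which are refused. The `redirectTarget` argument, the result labels and the `makeCrossOriginParentStub` stand-in (used so the probe can be exercised outside a browser) are assumptions of this example; in a real frame you would call `probeParentAccess(window.parent, 'http://www.sohu.com')`.

```javascript
// Added example, not code from the original article. A probe a child-frame
// page can run against its parent window: each access the article discusses
// is attempted inside try/catch and recorded as 'allowed' or 'denied'.
// `parentWin` is passed in so the probe can also run against a stand-in
// object outside a browser; `redirectTarget` is any ordinary URL.
function probeParentAccess(parentWin, redirectTarget) {
  const results = {};
  const attempt = (label, fn) => {
    try {
      fn();
      results[label] = 'allowed';
    } catch (e) {
      results[label] = 'denied';
    }
  };

  // Window members the article lists as readable/callable from a child frame.
  attempt('window.length', () => { void parentWin.length; });
  attempt('window.opener', () => { void parentWin.opener; });
  attempt('window.blur', () => { parentWin.blur(); });

  // Reading the parent's DOM (and so document.cookie) is refused cross-origin.
  attempt('document.cookie', () => { void parentWin.document.cookie; });

  // Navigating the parent to an ordinary URL is permitted (the phishing vector).
  attempt('location.href=url', () => { parentWin.location.href = redirectTarget; });

  // A javascript: URL would run script in the parent's origin; it is refused,
  // and wrapping it in a String object does not change that.
  attempt('location.href=javascript', () => {
    parentWin.location.href = new String('javascript:alert(document.cookie)');
  });
  return results;
}

// Stand-in for a cross-origin parent window (an assumption of this example)
// so the probe can run under Node. It encodes the policy the article
// describes: a few window members are reachable, the document is not, plain
// navigation is allowed and javascript: navigation is blocked.
function makeCrossOriginParentStub() {
  const location = {
    current: 'http://parent.example/',
    set href(url) {
      if (/^\s*javascript:/i.test(String(url))) throw new Error('Permission denied');
      this.current = String(url);
    },
  };
  return {
    length: 1,
    opener: null,
    blur() {},
    location,
    get document() { throw new Error('Permission denied'); },
    navigatedTo() { return location.current; },
  };
}

// Usage in a real child frame (browser only):
//   const report = probeParentAccess(window.parent, 'http://www.sohu.com');
```

The stub is only there to show the expected shape of the report; run the probe in an actual cross-origin frame to confirm a given browser's behaviour, since the exact allow-list has varied between browser versions.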

Unexpectedly, Firefox 3 does not restrict the sending of persistent (local) cookies for iframes at all! That is, under Firefox, when an iframe loads a remote page, the cookies persisted locally for that page's domain are sent along with the request, which makes CSRF extremely convenient.

IE is different. Under IE, img and iframe tags can only send session cookies, not persistent cookies, so many CSRF attacks fail. (This is IE's default third-party cookie policy at work: without a P3P compact policy, IE does not let a third-party context use persistent cookies, while session cookies are still allowed.) This also causes a lot of trouble for XSS, for instance it makes XSRF somewhat harder.

Since Firefox presents no challenge, today's main research target is IE.

Under IE, programmers generally use the P3P protocol to obtain cross-domain cookies, but P3P requires us to rewrite the HTTP headers, which is more troublesome. Here I use purely scripting tricks to break these restrictions.
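An added example (not from the original article) that puts the three cases side by side: a session cookie, a persistent cookie, and a persistent cookie accompanied by a P3P compact-policy header, together with a simplified model of the rule the article reports for IE in a third-party (img/iframe) context. The cookie name, the `.third.example` domain, the fixed Expires date and the CP token string are assumptions; real IE evaluates the compact policy against the user's privacy slider, so treat the model as an illustration of the session/persistent split rather than a full emulation.

```javascript
// Added example, not code from the original article. Shows what separates a
// session cookie from a persistent one on the wire, and what the P3P header
// the article mentions looks like. Cookie name, domain, date and CP tokens
// are assumptions of this example.

// Builds the response headers a third-party origin would send.
function buildSetCookieResponse({ persistent, withP3P }) {
  const headers = {};
  let cookie = 'sid=abc123; Path=/; Domain=.third.example';
  if (persistent) {
    // Fixed, constructed expiry so the output is reproducible.
    cookie += '; Expires=Thu, 25 Sep 2009 00:00:00 GMT';
  }
  headers['Set-Cookie'] = cookie;
  if (withP3P) {
    // Compact policy tokens (assumed); the real set must match the site's policy.
    headers['P3P'] = 'CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"';
  }
  return headers;
}

// Parses one Set-Cookie header into name, value and lower-cased attributes.
// Attribute values keep their original case; flag attributes map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map(s => s.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split('=');
  const attrs = {};
  for (const p of parts.slice(1)) {
    const eq = p.indexOf('=');
    const key = (eq < 0 ? p : p.slice(0, eq)).trim().toLowerCase();
    attrs[key] = eq < 0 ? true : p.slice(eq + 1).trim();
  }
  return { name: name.trim(), value: valueParts.join('='), attrs };
}

// A cookie is persistent when it carries Expires or Max-Age; otherwise it
// lives only for the browser session.
function isPersistentCookie(header) {
  const { attrs } = parseSetCookie(header);
  return 'expires' in attrs || 'max-age' in attrs;
}

// Simplified model of the behaviour the article observes for IE7 under its
// default privacy setting: in a third-party context, session cookies are
// usable, persistent cookies are not unless the response carries a P3P
// compact policy (CP="...").
function ieAllowsThirdPartyCookie(responseHeaders) {
  const setCookie = responseHeaders['Set-Cookie'];
  if (!setCookie) return false;
  if (!isPersistentCookie(setCookie)) return true;
  const p3p = responseHeaders['P3P'] || '';
  return /\bCP="[^"]+"/.test(p3p);
}
```

The point of the model is the asymmetry the article relies on: a CSRF or XSRF payload delivered through an iframe in IE reaches the target with only its session cookies, and the persistent cookie only comes along once the target itself has opted in via P3P.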

The idea for breaking the IFRAME restriction (in the IE environment):
Because the iframe in a page only sends session cookies, the page inside the subframe itself has only the session cookie, so we cannot obtain the persistent cookie by executing a JS method in the subframe, and there is no way to fake it.

Once this principle is understood, the idea is very clear: find a way to open a new window that is not subject to the restriction, and obtain the persistent cookie from there.

 